package com.qy139.auth.config;

import com.qy139.util.CommUtil;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.provider.token.RemoteTokenServices;
import org.springframework.security.oauth2.provider.token.ResourceServerTokenServices;

@Configuration
@EnableResourceServer
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class ResourceConfig extends ResourceServerConfigurerAdapter {

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/tab-user/findRolesById","/tab-user/getByUserName","/tab-menu/findMenuById").permitAll()
                .anyRequest().authenticated()
                //.access("@RbacConfig.hasPermission(request,authentication)")
                .and()
                .csrf().disable();// csrf
    }

    @Bean
    public ResourceServerTokenServices tokenServices(){
        RemoteTokenServices remoteTokenServices = new RemoteTokenServices();
        remoteTokenServices.setCheckTokenEndpointUrl("http://localhost:8082/oauth/check_token");
        remoteTokenServices.setClientId(CommUtil.CLIENT_ID);
        remoteTokenServices.setClientSecret(CommUtil.CLIENT_SECRET);
        return remoteTokenServices;
    }
}
